om/auth0-samples/auth0-aspnet-owin-mvc-samples/tree/master/Quickstart/01-Login sample, login using i.e. facebook everything works
hit the back button, universal login loads, hit facebook again
sample 404s on signin-auth0 as seen in screenshot
OpenIdConnectAuthenticationNotifications.AuthenticationFailed no fired, how to intercept this and handle this properly? While not common this is clearly an issue that needs graceful handling.
Updating Nuget packages to latest versions does not help.
This is on Windows 10 Visual Studio 2017 latest public versions…
Unfortunately, there does not seem to be an elegant way around this. When the OpenID Connect(OIDC) middleware initially gets invoked, it creates a nonce and stores this in a cookie. When the user completes the authentication on the Auth0 website and gets redirected back to your application, the OIDC middleware validates this nonce, and removes the cookie.
What happens in the scenario you described is that Auth0 once again redirects to your application, but this time around the nonce cannot get validated, because that cookie no longer exists.
I hoped that perhaps the AuthenticationFailed notification would get triggered so you can handle this more elegantly, but, as you pointed out, this does not seem to be the case. So in this scenario, I do not really see a way to handle this gracefully.
You may also try and ask this question on the Katana GitHub repository, since it is their middleware used in this example.
Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.
Wanted to reach out to know if you still require further assistance?